
Higgins Charter

Motivation

The initial motivation for Higgins was a desire to have systems that operated on behalf of the user – enabling the user to have more convenience, privacy and control over their identity and profile information. Because people want to share information differently in different contexts (e.g. people share health information with a doctor, but not with a job search site), we realized that to build these types of applications there needed to be a framework that was aware of context and allowed information to be shared across contexts only in carefully controlled ways based on the underlying relationships. These goals have driven the design of our framework API, the plug-ins that enable information to be shared across multiple sources, and the development of a common user interface for the management and release of identity information.

As users we wanted to make it possible to develop these types of systems. As developers we wanted to create an infrastructure and ecosystem to efficiently develop these applications. The need to improve interoperability, security and privacy in loosely coupled systems, especially those that span organizational boundaries, has grown dramatically in recent years and spawned a large number of identity management systems and protocols. These systems maintain a real or virtual directory of identities, each with profile attributes, roles, access permissions and so on. It is increasingly understood that top-down, enterprise-oriented approaches have limitations, and there are many use cases where it makes sense to organize identity information from the point of view of the user. Also, there is often a need to manage more than just “point” identities (i.e. the digital identifiers and profiles of people and systems). Many applications need to manage relationships between identities—what we call the social context. Examples of these applications include groupware, virtual directories, and social networking.

Scope

Higgins intends to address five areas:

1. Provide a consistent user experience based on card icons for the management and release of identity data. This is needed in order to have a trusted mechanism for authentication and other interactions that is less vulnerable to phishing and other attacks and that works for a wide variety of users and systems.

2. Empower users with more convenience and control over personal information distributed across external information silos. Provide a single point of control over multiple identities, preferences and relationships. The lack of a trusted infrastructure that allows people to selectively share information on the web while protecting their privacy is limiting the growth and use of the Internet. Working in partnership with development organizations and academic research groups, this project is creating a key part of the open source infrastructure required for an open, accountable, socially-searchable web while ensuring privacy and personal control over identity information.

3. Provide an API and data model for the virtual integration and federation of identity and security information from a wide variety of sources. Although there continue to be attempts to create a single universal identity system, the reality is that we will live in a heterogeneous, multi-protocol world for a long time. Rather than introduce yet another new system or protocol, Higgins defines several kinds of provider plug-ins that allow developers to create adapters to legacy systems, protocols, and security format types. Previously the application developer who needed to integrate identity systems was forced to learn the intricacies of each system and/or protocol. The lack of a common API meant that this learning investment was not transferable. Higgins offers a common API/framework, provides sample services, and encourages developers to create provider plug-ins for existing and new systems.

4. Provide plug-in adapters to enable existing data sources, including directories, communications systems, collaboration systems and databases, each using differing protocols and schemas, to be integrated into the framework. To encourage the development of plug-in adapters to common systems, the Higgins project is creating a set of exemplary “provider” plug-ins. The project welcomes the participation of organizations and individual developers to create plug-ins for their software packages.

5. Provide a social relationship data integration framework that enables these relationships to be persistent and reusable across application boundaries. It organizes relationships into a set of distinct social contexts within which a person expresses different personas and roles. The existence of a common identity and social relationship framework makes possible new kinds of applications: applications that make it easy to manage identities, relationships, reputation and trust within and across multiple contexts. Of particular interest are applications that work on behalf of a user to manage their own profiles, relationships, and reputation across their various personal and professional groups, teams, and other organizational affiliations while preserving their privacy. These applications could, for example, provide users with the ability to: discover new groups through shared affinities; find new team members based on reputation and background; sort, filter and visualize their social networks. Applications could be used by organizations to build and manage their networks of networks.

Higgins makes possible new kinds of applications that manage the user’s identity across multiple contexts. Our hope is that developers can use it to implement identity and social networking-related functionality in their applications, instead of creating this functionality from scratch. Here are some examples. They could use an existing Higgins context provider to manage the list of identities, member records, etc. as well as all associated attribute data used by their application. They could use the Higgins context abstraction as “glue” to integrate multiple existing enterprise directories. Or they could add “peripheral vision” of other co-workers’ or members’ online presence, contact information, and reputation to their application.